Kubernetes Configmaps and secrets : Day 19 of 40daysofkubernetes

Kubernetes Configmaps and secrets : Day 19 of 40daysofkubernetes

ยท

3 min read

Introduction

In modern cloud-native applications, managing configuration and sensitive data efficiently and securely is essential. Kubernetes addresses this need with ConfigMaps and Secrets. ConfigMaps store non-confidential configuration data, enabling dynamic updates and easy application portability. Secrets securely manage sensitive information like passwords and tokens. By separating configuration and sensitive data from application code, Kubernetes enhances security, flexibility, and adherence to best practices. Let's understand these concepts better through hands-on examples.

ConfigMaps

ConfigMap is a Kubernetes resource used to store non-confidential data in key-value pairs. It allows you to decouple configuration artifacts from image content to keep containerized applications portable.

Example

  1. Create a Pod with an Environment Variable

     apiVersion: v1
     kind: Pod
     metadata:
       name: myapp
       labels:
         name: myapp-pod
     spec:
       containers:
         - name: myapp-container
           image: busybox:1.28
           command: ['sh', '-c', 'echo The app is running! && sleep 3600']
           env:
             - name: FIRSTNAME
               value: "shivam"
    

    The above YAML file (pod.yaml) creates a pod with the BusyBox image. It sets an environment variable FIRSTNAME within the container. Apply this file and execute into the container to check the environment variable:

     kubectl apply -f pod.yaml
     kubectl exec -it myapp -- sh
     echo $FIRSTNAME  # Output will be "shivam"
    

  2. Create a ConfigMap

    Next, we'll create a ConfigMap to store these values and inject it into the Pod.

     kubectl create configmap app-cm --from-literal=firstname=shivam --from-literal=lastname=gautam
    

  3. Inject ConfigMap into a Pod

    Now, modify the Pod definition to use the ConfigMap:

     yamlCopy codeapiVersion: v1
     kind: Pod
     metadata:
       name: myapp
       labels:
         name: myapp-pod
     spec:
       containers:
         - name: myapp-container
           image: busybox:1.28
           command: ["sh", "-c", "echo The app is running! && sleep 3600"]
           env:
             - name: FIRSTNAME
               valueFrom:
                 configMapKeyRef:
                   name: app-cm
                   key: firstname
    

    Apply this YAML file:

     kubectl apply -f pod.yaml
    

    When you describe the Pod, you will see that the FIRSTNAME environment variable is now sourced from the ConfigMap.

  4. Declarative ConfigMap Creation

    If you have many key-value pairs, creating a ConfigMap from the command line can be cumbersome. Instead, you can create it declaratively using a YAML file. You can generate this file with an imperative command:

     kubectl create configmap app-cm --from-literal=firstname=shivam --from-literal=lastname=gautam --dry-run=client -o yaml > cm.yaml
    

    This will generate a cm.yaml file:

     apiVersion: v1
     kind: ConfigMap
     metadata:
       name: app-cm
     data:
       firstname: shivam
       lastname: gautam
    

    Apply this YAML file:

     kubectl apply -f cm.yaml
    

ConfigMaps can also be used by mounting them as volumes, which we will cover in future posts in this series. You can also learn more about ConfigMaps from the official documentation.

Secret in Kubernetes

Secret is similar to ConfigMap but is used to store confidential data, such as passwords, OAuth tokens, and SSH keys.

For a better understanding, I highly recommend doing some hands-on practice. You can find more detailed information in the official Kubernetes documentation on Secrets.

By using ConfigMaps and Secrets, you can manage configuration and sensitive data efficiently and securely in Kubernetes, making your applications more portable, secure, and easy to manage.

Resources I used

ย